1
22
23 package com.liferay.portal.servlet.filters.autologin;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.kernel.log.Log;
27 import com.liferay.portal.kernel.log.LogFactoryUtil;
28 import com.liferay.portal.kernel.servlet.ProtectedServletRequest;
29 import com.liferay.portal.kernel.util.GetterUtil;
30 import com.liferay.portal.kernel.util.InstancePool;
31 import com.liferay.portal.kernel.util.ListUtil;
32 import com.liferay.portal.kernel.util.StringPool;
33 import com.liferay.portal.kernel.util.Validator;
34 import com.liferay.portal.model.User;
35 import com.liferay.portal.security.auth.AutoLogin;
36 import com.liferay.portal.security.pwd.PwdEncryptor;
37 import com.liferay.portal.service.UserLocalServiceUtil;
38 import com.liferay.portal.servlet.filters.BasePortalFilter;
39 import com.liferay.portal.util.PortalInstances;
40 import com.liferay.portal.util.PortalUtil;
41 import com.liferay.portal.util.PropsValues;
42 import com.liferay.portal.util.WebKeys;
43
44 import java.util.ArrayList;
45 import java.util.List;
46
47 import javax.servlet.FilterChain;
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50 import javax.servlet.http.HttpSession;
51
52
58 public class AutoLoginFilter extends BasePortalFilter {
59
60 public static void registerAutoLogin(AutoLogin autoLogin) {
61 if (_autoLogins == null) {
62 _log.error("AutoLoginFilter is not initialized yet");
63
64 return;
65 }
66
67 List<AutoLogin> autoLogins = ListUtil.fromArray(_autoLogins);
68
69 autoLogins.add(autoLogin);
70
71 _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
72 }
73
74 public static void unregisterAutoLogin(AutoLogin autoLogin) {
75 if (_autoLogins == null) {
76 _log.error("AutoLoginFilter is not initialized yet");
77
78 return;
79 }
80
81 List<AutoLogin> autoLogins = ListUtil.fromArray(_autoLogins);
82
83 if (autoLogins.remove(autoLogin)) {
84 _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
85 }
86 }
87
88 public AutoLoginFilter() {
89 List<AutoLogin> autoLogins = new ArrayList<AutoLogin>();
90
91 for (String autoLoginClassName : PropsValues.AUTO_LOGIN_HOOKS) {
92 AutoLogin autoLogin = (AutoLogin)InstancePool.get(
93 autoLoginClassName);
94
95 autoLogins.add(autoLogin);
96 }
97
98 _autoLogins = autoLogins.toArray(new AutoLogin[autoLogins.size()]);
99 }
100
101 protected String getLoginRemoteUser(
102 HttpServletRequest request, HttpServletResponse response,
103 HttpSession session, String[] credentials)
104 throws Exception {
105
106 if ((credentials != null) && (credentials.length == 3)) {
107 String jUsername = credentials[0];
108 String jPassword = credentials[1];
109 boolean encPassword = GetterUtil.getBoolean(credentials[2]);
110
111 if (Validator.isNotNull(jUsername) &&
112 Validator.isNotNull(jPassword)) {
113
114 try {
115 long userId = GetterUtil.getLong(jUsername);
116
117 if (userId > 0) {
118 User user = UserLocalServiceUtil.getUserById(userId);
119
120 if (user.isLockout()) {
121 return null;
122 }
123 }
124 else {
125 return null;
126 }
127 }
128 catch (NoSuchUserException nsue) {
129 return null;
130 }
131
132 session.setAttribute("j_username", jUsername);
133
134
138 if (encPassword) {
139 session.setAttribute("j_password", jPassword);
140 }
141 else {
142 session.setAttribute(
143 "j_password", PwdEncryptor.encrypt(jPassword));
144
145 session.setAttribute(WebKeys.USER_PASSWORD, jPassword);
146 }
147
148 if (PropsValues.PORTAL_JAAS_ENABLE) {
149 response.sendRedirect(
150 PortalUtil.getPathMain() + "/portal/touch_protected");
151 }
152
153 return jUsername;
154 }
155 }
156
157 return null;
158 }
159
160 protected void processFilter(
161 HttpServletRequest request, HttpServletResponse response,
162 FilterChain filterChain)
163 throws Exception {
164
165 HttpSession session = request.getSession();
166
167 String host = PortalUtil.getHost(request);
168
169 if (PortalInstances.isAutoLoginIgnoreHost(host)) {
170 if (_log.isDebugEnabled()) {
171 _log.debug("Ignore host " + host);
172 }
173
174 processFilter(
175 AutoLoginFilter.class, request, response, filterChain);
176
177 return;
178 }
179
180 String contextPath = PortalUtil.getPathContext();
181
182 String path = request.getRequestURI().toLowerCase();
183
184 if ((!contextPath.equals(StringPool.SLASH)) &&
185 (path.indexOf(contextPath) != -1)) {
186
187 path = path.substring(contextPath.length(), path.length());
188 }
189
190 if (PortalInstances.isAutoLoginIgnorePath(path)) {
191 if (_log.isDebugEnabled()) {
192 _log.debug("Ignore path " + path);
193 }
194
195 processFilter(
196 AutoLoginFilter.class, request, response, filterChain);
197
198 return;
199 }
200
201 String remoteUser = request.getRemoteUser();
202 String jUserName = (String)session.getAttribute("j_username");
203
204 if ((remoteUser == null) && (jUserName == null)) {
205 for (AutoLogin autoLogin : _autoLogins) {
206 try {
207 String[] credentials = autoLogin.login(request, response);
208
209 String redirect = (String)request.getAttribute(
210 AutoLogin.AUTO_LOGIN_REDIRECT);
211
212 if (Validator.isNotNull(redirect)) {
213 response.sendRedirect(redirect);
214
215 return;
216 }
217
218 String loginRemoteUser = getLoginRemoteUser(
219 request, response, session, credentials);
220
221 if (loginRemoteUser != null) {
222 request = new ProtectedServletRequest(
223 request, loginRemoteUser);
224
225 if (PropsValues.PORTAL_JAAS_ENABLE) {
226 return;
227 }
228
229 redirect = (String)request.getAttribute(
230 AutoLogin.AUTO_LOGIN_REDIRECT_AND_CONTINUE);
231
232 if (Validator.isNotNull(redirect)) {
233 response.sendRedirect(redirect);
234
235 break;
236 }
237 }
238 }
239 catch (Exception e) {
240 if (_log.isWarnEnabled()) {
241 _log.warn(e, e);
242 }
243
244 String currentURL = PortalUtil.getCurrentURL(request);
245
246 if (currentURL.endsWith(_PATH_CHAT_LATEST)) {
247 if (_log.isWarnEnabled()) {
248 _log.warn(
249 "Current URL " + currentURL +
250 " generates exception: " + e.getMessage());
251 }
252 }
253 else {
254 _log.error(
255 "Current URL " + currentURL +
256 " generates exception: " + e.getMessage());
257 }
258 }
259 }
260 }
261
262 processFilter(AutoLoginFilter.class, request, response, filterChain);
263 }
264
265 private static final String _PATH_CHAT_LATEST = "/-/chat/latest";
266
267 private static Log _log = LogFactoryUtil.getLog(AutoLoginFilter.class);
268
269 private static AutoLogin[] _autoLogins;
270
271 }